1. 首頁
  2. 問答
  3. Flask Python中的無效登錄邏輯

Flask Python中的無效登錄邏輯

2013-05-02 75 views
1

我正在使用Flask與SQLAlchemy和Flask-Login。Flask Python中的無效登錄邏輯

我可以成功登錄並註銷一個註冊用戶。

我發現令人困惑的是,當我在登錄頁面輸入不正確的密碼時,我回到登錄頁面,並顯示「Welcome [email protected]」代碼,如果我成功登錄,只會出現

@app.route('/login', methods=['GET', 'POST']) 
def login(): 
    form = LoginForm() 
     user = User.query.filter_by(email=form.email.data).first() 
     if form.validate_on_submit(): 
      if user and check_password_hash(user.password, form.password.data): 
       session['user_id'] = user.id 
       flash('Welcome %s' % user.email) 
       return redirect(url_for('dashboard')) 
      else: 
       flash('Wrong email or password') 
       return render_template("login.html", form=form) 
     flash('The email or password is wrong.') 

    return render_template("login.html", form=form)

編輯:由於TIGRA,這是我結束了。

views.py

@app.route('/login', methods=['GET', 'POST']) 
def login(): 
    form = LoginForm() 
    user = User.query.filter_by(email=form.email.data).first() 
    if request.method == "POST": 
     if form.validate(): 
      # the session can't be modified as it's signed, 
      # so it's a safe place to store the user 
      session['user_id'] = user.id 
      flash('Welcome %s' % user.email) 
      return redirect(url_for('dashboard')) 
     else: 
      flash('Wrong email or password') 
      return render_template("login.html", form=form) 
    return render_template("login.html", form=form)

forms.py

from models import User 
from werkzeug import check_password_hash 

class LoginForm(Form): 
    email = TextField('email', validators = [Required(), Email()]) 
    password = PasswordField('password', validators = [Required()]) 
    remember_me = BooleanField('remember_me', default = False) 

    def __init__(self, *args, **kwargs): 
     Form.__init__(self, *args, **kwargs) 
     self.user = None 

    def validate(self): 
     rv = Form.validate(self) 
     if not rv: 
      return False 

     user = User.query.filter_by(email=self.email.data).first() 
     if user is None: 
      self.email.errors.append('Unknown username') 
      return False 

     if not check_password_hash(user.password,self.password.data): 
      self.password.errors.append('Invalid password') 
      return False 

     self.user = user 
     return True

來源

2013-05-02 kerno

回答

3

你有兩個問題:

1)你不應該做這樣的檢查(登錄/表單驗證後的密碼)。應該內部形式本身來定義,閱讀有關wtforms

2)此外,還要確保自定義驗證,格式化您介紹的是實際的一個,becouse你在呈現的格式至少錯誤:

form = LoginForm() 
    user = User.query.filter_by(email=form.email.data).first()

所以不能確定沒有更多。
另外,你的passcheck函數來自werzkeug.security?

至於表單自定義驗證有一個例子:
使用這種方法實際驗證失敗,沒有額外的檢查

class LoginForm(SafeForm): 
    email=TextField(__("E-Mail"),validators=[Required()]) 
    password=PasswordField(__("Password"),validators=[Required()]) 
    submit=SubmitField(__("Login")) 

    def __init__(self,*k,**kk): 
     self._user=None #for internal user storing 
     super(LoginForm,self).__init__(*k,**kk) 

    def validate(self): 
     self._user=User.query.filter(User.email==self.email.data).first() 
     return super(LoginForm,self).validate() 

    def validate_email(self,field): 
     if self._user is None: 
      raise ValidationError(_("E-Mail not recognized")) 


    def validate_password(self,field): 
     if self._user is None: 
      raise ValidationError() #just to be sure 
     if not self._user.validate_password(self.password.data): #passcheck embedded into user model 
      raise ValidationError(_("Password incorrect"))

來源

2013-05-02 11:33:45 Tigra

+0

感謝TIGRA!你讓我想到這是如何工作的,而且我已經成功修改了它。 – kerno 2013-05-02 12:26:49

相關問題

 相關問題